SSO SAML Integration Instructions
This article lists the steps needed to configure Microsoft Entra or other SSO SAML integration with Tenna.
š„Integrations is a premium product and requires a separate license. Please contact your Account Manager for more information on premium product licenses or reach out to Customer Support at help@tenna.com or call 888.836.6269.
Generic SAML Integration Instructions
- 1
- Create a Custom SAML Application.
In your Identity Provider's administrative console, look for the option to add a new application.
- Action: Create a New Application.
- Type: Select "Custom App", "Non-gallery application", or "SAML 2.0".
- Name: Enter "Tenna" (or a name of your choice).
- 2
- Configure the Service Provider (SP) details.
You will need to input Tennaās specific connection details into your IdP.
- Entity ID / Audience URI: Input: urn:amazon:cognito:sp:us-east-1_OcObtz01o
NOTE: This is sometimes case-sensitive.
- ACS URL / Reply URL / Single Sign-On URL: Input: https://prd-tenna.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- Name ID Format: Select: "EmailAddress" (or "Unspecified" if Email is not available).
- 3
- Map user attributes (claims).
Tenna requires specific user details to be passed in the SAML assertion to create or identify the user. Map the following attributes in your IdP to the corresponding user profile fields.
| Generic Attribute Name | Tenna Requirement | Value to Map (from your directory) |
| NameID /Subject | Required | User's Email Address |
| Required | User's Email Address | |
| firstName (or givenName) | Required | User's First Name |
| lastName (or surname) | Required | User's Last Name |
NOTE: Ensure the attribute names (left column) exactly match what Tenna expects. Some IdPs send full URLs (e.g., http://schemas.xmlsoap.org/.../emailaddress); you may need to simplify them to just email if Tenna does not parse the long format.
- 4
- Download IdP metadata.
Once the application is saved in your IdP, you must export the configuration data to send to your Tenna Account Manager or Integrations Project Manager.
- Action: Locate the "SAML Signing Certificate" or "IdP Metadata" section.
-
Download: The "Metadata XML" file (preferred).
Alternative: If you cannot download XML, copy the Login URL (SSO URL), IdP Entity ID (Issuer), and download the X.509 Certificate.
- 5
- Contact your Tenna Account Manager or Integrations Project Manager to enable SSO in Tenna.
Microsoft Entra Integration Instructions
Create Enterprise Application in Entra
- 1
- Go to the Entra Active Directory.
- 2
- In the left sidebar, select "Enterprise applications".
- 3
- Select "New application".
- 4
- On the Browse Entra Gallery page, select "Create your own application".
- 5
- Under "What's the name of your app?", enter "Tenna" for your application and select "Integrate any other application you don't find in the gallery (Non-gallery)".
It will take few seconds for the application to be created in Entra and then you will be redirected to the Overview page for the newly added application.
Configure the Tenna Application
- 1
- On the Getting Started page, click "Get started" on the "Set up single sign on" tile.
- 2
- On the next screen, select "SAML".
- 3
- In the middle pane under "Set up Single Sign-On with SAML", click the edit icon in the Basic SAML Configuration section.
- 4
- In the right pane under Basic SAML Configuration, take the following actions:
- Replace the default Identifier ID (Entity ID) with the value urn:amazon:cognito:sp:us-east-1_OcObtz01o
-
In the Reply URL (Assertion Consumer Service URL) field enter both of the following:
https://prd-tenna.auth.us-east-1.amazoncognito.com/saml2/idpresponse https://login.tenna.com/saml2/idpresponse
- 5
- Click "Save".
- 6
- Setup user claims (TBD).
- 7
- Scroll down to the SAML Signing Certification section and copy the App Federation Metadata URL to be provided to Tenna to finish the integration configuration.
Assign Users to Tenna Application
- 1
- On the Getting Started page, select "Assign users and groups".
- 2
- Select "Add user/group".
- 3
- Select users and click "Assign" on the bottom left.
- 4
- Verify selected users show up under the Tenna App.
Terminology
Refer to the following table if your IdP uses different terminology than Azure AD.
| Azure AD Term | Generic / Other IdP Term |
| Enterprise Application | SAML App, Connector, Service Provider |
| Identifier (Entity ID) | Audience URI, SP Entity ID, Audience |
| Reply URL | ACS URL, Assertion Consumer Service, Destination URL |
| Unique User Identifier (Name ID) | SAML Subject, NameID, Application Username |
| App Federation Metadata Url | IdP Metadata URL, IdP XML |
NOTE: For questions, reach out to the Tenna Integrations Department integrations@tenna.com.